venerdì 7 ottobre 2011

We have already discussed how to install ubuntu 9.04 LAMP server .If you are a new user and not familiar with command prompt you can install GUI for your ubuntu LAMP server using the 2 options

1) Install desktop Environment
2) Install Webmin
1) Install desktop Environment
First you nee to make sure you have enabled Universe and multiverse
repositories in /etc/apt/sources.list file once you have enable you need
to use the following command to install GUI

sudo apt-get update

sudo apt-get install ubuntu-desktop

The above command will install GNOME desktop
If you wan to install a graphical desktop manager without some of the
desktop addons like Evolution and OpenOffice, but continue to use the
server flavor kernel use the following command

sudo aptitude install --without-recommends ubuntu-desktop

If you want to install light weight desktop install xfce using the following command

sudo apt-get install xubuntu-desktop

If you want to install KDE desktop use the following command

sudo apt-get install kubuntu-desktop

2) Install Webmin in Ubuntu
Webmin is a web-based interface for system administration for Unix.
Using any modern web browser, you can setup user accounts, Apache, DNS,
file sharing and much more. Webmin removes the need to manually edit
Unix configuration files like /etc/passwd, and lets you manage a system
from the console or remotely.Currently There is no Webmin package in the
Ubuntu repositories.This tutorial will explain how to Install Webmin in
Ubuntu Jaunty
You can install webmin for your server web interface to configure
apache2,mysql,FTp servers and many more.Now we will see how to install
webmin in Ubuntu 9.04

Preparing your system
First you need to install the following packages

Now download the latest webmin using the following command or from here

wget http://prdownloads.sourceforge.net/webadmin/webmin_1.470_all.deb

Now we have webmin_1.470_all.deb package install this package using the following command

sudo dpkg -i webmin_1.470_all.deb

This will complete the installation.

Using the Webmin APT repository
If you like to install and update Webmin via APT, edit the /etc/apt/sources.list file on your system

sudo vi /etc/apt/sources.list

add the line

deb http://download.webmin.com/download/repository sarge contrib

Save and exit the file
You should also fetch and install my GPG key with which the repository is signed, with the commands : cd /root

wget http://www.webmin.com/jcameron-key.asc

sudo apt-key add jcameron-key.asc

You will now be able to install with the commands

sudo apt-get update

sudo apt-get install webmin

All dependencies should be resolved automatically.
Ubuntu in particular don’t allow logins by the root user by default.
However, the user created at system installation time can use sudo to
switch to root. Webmin will allow any user who has this sudo capability
to login with full root privileges.

Now you need to open your web browser and enter the following

https://your-server-ip:10000/

Now you should see similar to the following Screen

After login if you want to configure Apache,Mysql server you need to
click on Servers on your lefthand side you should many servers are ready
to configure
This is very Easy to configure most of the servers and Enjoy your new Ubuntu Jaunty LAMP Server.

Bandwidth in computer networking refers to the data rate supported by a
network connection or interface. One most commonly expresses bandwidth
in terms of bits per second (bps). The term comes from the field of
electrical engineering, where bandwidth represents the total distance or
range between the highest and lowest signals on the communication
channel (band).

Bandwidth represents the capacity of the
connection. The greater the capacity, the more likely that greater
performance will follow, though overall performance also depends on
other factors, such as latency.

Bandwidthd
BandwidthD tracks usage of TCP/IP network subnets and builds html
files with graphs to display utilization. Charts are built by individual
IPs, and by default display utilization over 2 day, 8 day, 40 day, and
400 day periods. Furthermore, each ip address’s utilization can be
logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours
in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP,
VPN, and P2P traffic are color coded.Current Stable Version :- 2.0.1Project Home Page :- http://bandwidthd.sourceforge.net/

Bmon
bmon is a portable bandwidth monitor and rate estimator running on
various operating systems. It supports various input methods for
different architectures. Various output modes exist including an
interactive curses interface,lightweight HTML output but also formatable
ASCII output.

Bwbar
bwbar is a small C-based program for Linux-based machines which
produces bandwidth usage statistics for a network interface. It was
originally written by H. Peter Anvin, and I (Brian Towne) modified it
somewhat to better suit my needs. The original program was released
under the GPL. A number of people have asked for the modified program
and its source, so I have created this page.Current Stable Version :- 1.2.3

bwm
This is a very tiny bandwidth monitor (not X11). Can monitor up to 16 interfaces in the in the same time, and shows totals too.Current Stable Version :- 1.1.0

bwm-ng
small and simple console-based bandwidth monitor.Bandwidth Monitor NG
is a small and simple console-based live bandwidth monitor.Current Stable Version :- 0.6Project Home Page :- http://www.gropp.org/?id=projects&sub=bwm-ng

Cacti
Cacti is a complete network graphing solution designed to harness the
power of RRDTool’s data storage and graphing functionality. Cacti
provides a fast poller, advanced graph templating, multiple data
acquisition methods, and user management features out of the box. All of
this is wrapped in an intuitive, easy to use interface that makes sense
for LAN-sized installations up to complex networks with hundreds of
devices.Current Stable Version :- 0.8.7eProject Home Page :- http://cacti.net/

cbm
cbm — the color bandwidth meter — is a small program to display the traffic currently flowing through your network devices.Current Stable Version :- 0.1

dstat
Dstat is a versatile replacement for vmstat, iostat, netstat, nfsstat
and ifstat. Dstat overcomes some of their limitations and adds some
extra features, more counters and flexibility. Dstat is handy for
monitoring systems during performance tuning tests, benchmarks or
troubleshooting.Current Stable Version :- 0.7.1Project Home Page :- http://dag.wieers.com/home-made/dstat/

gdesklets
gDesklets is a system for bringing mini programs (desklets), such as
weather forecasts, news tickers, system information displays, or music
player controls, onto your desktop, where they are sitting there in a
symbiotic relationship of eye candy and usefulness. The possibilities
are really endless and they are always there to serve you whenever you
need them, just one key-press away. The system is not restricted to one
desktop environment, but currently works on most of the modern Unix
desktops (including GNOME, KDE, Xfce).Current Stable Version :- 0.36.1Project Home Page :- http://www.gdesklets.de/

ipband
ipband is a pcap based IP traffic monitor. It tallies per-subnet
traffic and bandwidth usage and starts detailed logging if specified
threshold for the specific subnet is exceeded. If traffic has been high
for a certain period of time, the report for that subnet is generated
which can be appended to a file or e-mailed. When bandwidth usage drops
below the threshold, detailed logging for the subnet is stopped and
memory is freed.Current Stable Version :- 0.8.1Project Home Page :- http://ipband.sourceforge.net/

iftop
iftop does for network usage what top does for CPU usage. It listens
to network traffic on a named interface and displays a table of current
bandwidth usage by pairs of hosts. Handy for answering the question
“why is our ADSL link so slow”.Current Stable Version :- 0.17Project Home Page :- http://www.ex-parrot.com/pdw/iftop/

ipfm
IP Flow Meter (IPFM) is a bandwidth analysis tool, that measures how much bandwidth specified hosts use on their Internet link.Current Stable Version :- 0.11.5
Project Home Page :- http://robert.cheramy.net/ipfm/

ifstat
ifstat is a tool to report network interfaces bandwith just like vmstat/iostat do for other system counters.Current Stable Version :- 1.1
Project Home Page :- http://gael.roualland.free.fr/ifstat/

ibmonitor
ibmonitor is an interactive linux console application which shows bandwidth consumed and total data transferred on all
interfaces.Current Stable Version :- 1.4 Project Home Page :- http://ibmonitor.sourceforge.net/

ipaudit
IPAudit monitors network activity on a network by host, protocol and
port.IPAudit listens to a network device in promiscuous mode, and
records every connection between two ip addresses. A unique connection
is determined by the ip
addresses of the two machines, the protocol used between them, and the port numbers (if they are communicating via udp or tcp).Current Stable Version :- 0.95

IPTraf
IPTraf is a console-based network statistics utility for Linux. It
gathers a variety of figures such as TCP connection packet and byte
counts, interface statistics and activity indicators, TCP/UDP traffic
breakdowns, and LAN station packet and byte counts.Current Stable Version :- 3.0.0

IFStatus
IFStatus was developed for Linux users that are usually in console
mode. It is a simple, easy to use program for displaying commonly needed
/ wanted statistics in real time about ingoing and outgoing traffic of
multiple network interfaces that is usually hard to find, with a simple
and effecient view. It is the substitute for PPPStatus and EthStatus
projects.Current Stable Version :- 1.1.0

jnettop
Jnettop is a traffic visualiser, which captures traffic going through
the host it is running from and displays streams sorted by bandwidth
they use.Current Stable Version :- 0.13.0Project Home Page :- http://jnettop.kubs.info/wiki/

MRTG
The Multi Router Traffic Grapher (MRTG) is a tool to monitor the
traffic load on network links. MRTG generates HTML pages containing PNG
images which provide a LIVE visual representation of this traffic.Current Stable Version :- 2.16.3
Project Home Page :- http://oss.oetiker.ch/mrtg/

moodss
moodss is a graphical monitoring application. It is modular so that
the code accessing the monitored objects is completely separate from the
application core. The core takes care of managing modules (loading and
unloading),displaying modules data through sortable tables and diverse
graphical viewers, handling user set threshold conditions with email
alerts, recording and browsing data history from a database.moodss can
even predict the future, using sophisticated statistical methods and
artificial neural networks, and therefore be used for capacity planning.Current Stable Version :- 21.5Project Home Page :- http://moodss.sourceforge.net/

monitord
A lightweight (distributed?) network security monitor for
TCP/IP+Ethernet LANs. It will capture certain network events and record
them in a relational database. The recorded data will be available for
analysis through a CGI based interface.Current Stable Version :- 4.0Project Home Page :- http://sourceforge.net/projects/monitord/

Netmrg
NetMRG is a tool for network monitoring, reporting, and graphing. Based on RRDTOOL, the best of open source graphing
systems, NetMRG is capable of creating graphs of any parameter of your network.Current Stable Version :- 0.20Project Home Page :- http://www.netmrg.net

nload
nload is a console application which monitors network traffic and
bandwidth usage in real time. It visualizes the in-and outgoing traffic
using two graphs and provides additional info like total amount of
transfered data and min/max network usage.Current Stable Version :- 0.7.2Project Home Page :- http://www.roland-riegel.de/nload/index.html

ntop
ntop shows the current network usage. It displays a list of hosts
that are currently using the network and reports information concerning
the IP (Internet Protocol) and Fibre Channel (FC) traffic generated by
each host. The traffic is sorted according to host and protocol. Default
protocol list (this is user configurable).Current Stable Version :- 3.3.10Project Home Page :- http://www.ntop.org

netspeed
Netspeed is just a little GNOME-applet that shows how much traffic
occurs on a specified network device (for example eth0). You get the
best impression of it, if you look at the screenshots below.Current Stable Version :- 0.14Netwatch
Netwatch is a Linux program created to aid in monitoring Network
Connections. It is based on a program called “statnet” but has been
substantially modified for its Ethernet emphasis. It is a dynamic
program which displays the Ethernet status based each the connection’s
activity. It has the capability of monitoring hundreds of site
statistics simultaneously. The connection’s port number (Well Known
Service) and destination address are available as well. There are
options which allow router statistics to be measured on simple networks
(with one router). External network communication is counted and
transfer rates are displayed.Current Stable Version :- 1.3.0-1Project Home Page :- http://www.slctech.org/~mackay/netwatch.html

NOCOL
NOCOL is a popular system and network monitoring (network management) software that runs on Unix systems and can
monitor network and system devices. It uses a very simple architecture
and is very flexible for adding new network management modulesCurrent Stable Version :- 4.3.1Project Home Page :- http://www.netplex-tech.com/nocol/

NeTraMet
NeTraMet is an open-source (GPL) implementation of the RTFM architecture for Network Traffic Flow Measurement,
developed and supported by Nevil Brownlee at the University of Auckland. Nevil also developed a version of NeTraMet
which uses the CoralReef library to read packet headers. This ‘CoralReef NeTraMet meter’ can work with any CoralReef
data source; it has been tested on both CAIDA and NLANR trace files, and on DAG and Apptel ATM interface cards.Current Stable Version :- 43Project Home Page :- http://freshmeat.net/projects/netramet/

NetPIPE
NetPIPE is a protocol independent performance tool that visually represents the network performance under a variety of
conditions. It performs simple ping-pong tests, bouncing messages of increasing size between two processes, whether
across a network or within an SMP system. Message sizes are chosen at
regular intervals, and with slight perturbations, to provide a complete
test of the communication system. Each data point involves many
ping-pong tests to provide an accurate timing. Latencies are calculated
by dividing the round trip time in half for small messages ( <64
Bytes ).Current Stable Version :- 3.7.1Project Home Page :- http://www.scl.ameslab.gov/netpipe/

netperf
Netperf is a benchmark that can be use to measure various aspect of networking performance. The primary foci are bulk
(aka unidirectional) data transfer and request/response performance
using either TCP or UDP and the Berkeley Sockets interface. As of this
writing, the tests available either unconditionally or conditionallyCurrent Stable Version :- 2.4.5Project Home Page :- http://www.netperf.org/netperf/

potion
This is a console utility which will listen on an interface using
libpcap, aggregate the traffic into flows and display the top (as many
as can fit on your screen) flows with their average throughput. A flow
is identified ip protocol, source ip, source port, destination ip,
destination port, and type of service flag.Current Stable Version :- 0.0.4

pktstat
Display a real-time list of active connections seen on a network
interface, and how much bandwidth is being used by what. Partially
decodes HTTP and FTP protocols to show what filename is being
transferred. X11 application names are also shown. Entries hang around
on the screen for a few seconds so you can see what just happened. Also
accepts filter expressions á la tcpdump.Current Stable Version :- 1.8.4Project Home Page :- http://www.adaptive-enterprises.com.au/~d/software/pktstat/

RTG
RTG is a flexible, scalable, high-performance SNMP statistics
monitoring system. It is designed for enterprises and service providers
who need to collect time-series SNMP data from a large number of targets
quickly. All collected data is inserted into a relational database that
provides a common interface for applications to generate complex
queries and reports. RTG includes utilities that generate configuration
and target files, traffic reports, 95th percentile reports and graphical
data plots. These utilities may be used to produce a web-based
interface to the data.Current Stable Version :- 0.7.4Project Home Page :- http://rtg.sourceforge.net/

speedometer
Monitor network traffic or speed/progress of a file transfer. The
program can be used for cases like: how long it will take for my 38MB
transfer to finish, how quickly is another transfer going, How fast is
the upstream on this ADSL line and how fast can I write data to my
filesystem.Current Stable Version :- 2.6Project Home Page :- http://excess.org/speedometer/

Spong
Spong is a simple system-monitoring package written in Perl. It
features client based monitoring, monitoring of network services,
results displayed via the Web or console, history of problems, and
flexible messaging when problems occur.Current Stable Version :- 2.7.6Project Home Page :- http://spong.sourceforge.net/

slurm
slurm started as a pppstatus port to FreeBSD. As I ripped off several functionsCurrent Stable Version :- 0.3.3

SNIPS
SNIPS (System & Network Integrated Polling Software) is a system
and network monitoring software that runs on Unix systems and can
monitor network and system devices. It is capable of monitoring DNS,
NTP, TCP or web ports, host performance, syslogs, radius servers, BGP
peers, etc. New monitors can be added easily (via a C or Perl API).Current Stable Version :- 1.1Project Home Page :- http://www.navya.com/software/snips/

tcpflow
tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way
that is convenient for protocol analysis or debugging. A program like tcpdump shows a summary of packets seen on the
wire, but usually doesn’t store the data that’s actually being
transmitted. In contrast, tcpflow reconstructs the actual data streams
and stores each flow in a separate file for later analysis. tcpflow
understands TCP sequence numbers and will correctly reconstruct data
streams regardless of retransmissions or out-of-order delivery.Current Stable Version :- 0.21Project Home Page :- http://www.circlemud.org/~jelson/software/tcpflow/

vnstat
vnStat is a network traffic monitor for Linux that keeps a log of
daily network traffic for the selected interface(s).vnStat isn’t a
packet sniffer. The traffic information is analyzed from the /proc
-filesystem, so vnStat can be used without root permissions. However at
least a 2.2.x kernel is required.Current Stable Version :- 1.10Project Home Page :- http://humdi.net/vnstat/

WMND
Shows a graph of incoming/outgoing traffic, activity indicators for
rx/tx and current/maximum rate for rx/tx in bytes or packets.Tailored
for use with WindowMaker, it will as well work with any other window
manager though.Current Stable Version :- 0.4.13Project Home Page :- http://dockapps.org/file.php/id/178

Mozilla Firefox is a graphical web browser developed by the Mozilla
Corporation. Started as a fork of the browser component (Navigator) of
the Mozilla Application Suite, Firefox has replaced the Mozilla Suite as
the flagship product of the Mozilla project, stewarded by the Mozilla
Foundation and a large community of external contributors.

Mozilla Firefox is a cross-platform
browser, providing support for various versions of Microsoft Windows,
Mac OS X, and Linux. Although not officially released for certain
operating systems, the freely available source code works for many other
operating systems, including FreeBSD,OS/2, Solaris, SkyOS, BeOS and
more recently, Windows XP Professional x64 Edition.

I am providing some Very Useful Tips to speedup your Firefox.

In your location bar, type about:config

Once it Opens You should see similar to the following screen

Tip1
In the filter bar type network.http.pipelining

You should see the following screen

Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.

Tip2
In the filter bar again and type network.http.pipelining.maxrequests
Once it Opens You should see the following screen

Default it says 4 under value field and you need to change it to 8
Once you finished this you should see the following screen.

Tip3
Go to the filter bar again and type network.http.proxy.pipelining
Once it Opens You should see similar to the following screen

Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.

Tip4
Go to the filter bar again and type network.dns.disableIPv6
Once it Opens You should see the following screen

Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.

Tip5
Go to the filter bar again and type plugin.expose_full_path
Once it Opens You should see the following screen

Normally it says ” false ” under value field , Double click it so it becomes ” true “.
Once you finished this you should see the following screen.

Tip6
Now you need to Create new Preference name with interger value for this got to Right click -> New -> Integer

Once it opens you should see the following screen

Here you need to type nglayout.initialpaint.delay and click ok

Now you need to enter 0 in value filed and click ok

Once you finished this you should see the following screen.

Tip7
Now you need to Create one more Preference name with interger value for this got to Right click -> New -> Integer

Once it opens you should see the following screen

Here you need to type content.notify.backoffcount and click ok

Now you need to enter 5 in value filed and click ok

Once you finished this you should see the following screen.

Tip8
Now you need to Create one more Preference name with interger value for this got to Right click -> New -> Integer

Once it opens you should see the following screen

Here you need to type ui.submenuDelay and click ok

Now you need to enter 0 in value filed and click ok

Once you finished this you should see the following screen.

Some more Tweaks
Enable the spellchecker for inputfields and textareas (default is textareas only)
layout.spellcheckDefault=2
Open lastfm://-links directly in amarok
network.protocol-handler.app.lastfm=amarok
network.protocol-handler.external.lastfm=true

Firefox Memory Leak Fix
Open a new tab. Type “about:config” without quotes into the address bar and hit enter/click Go.

Right-click anywhere, select New, then Integer. In the dialog prompt that appears, type:
browser.cache.memory.capacity
Click OK. Another dialog prompt will appear. This is where you decide
how much memory to allocate to Firefox. This depends on how much RAM
your computer has, but generally you don’t want to allocate too little
(under 8MB), but if you allocate too much, you might as well not do
this. A good recommended setting is 16MB. If you want 16MB, enter this
value into the dialog prompt:

16384
(Why 16384 instead of 16000? Because computers use base-12 counting.
Thus 16 megabytes = 16384 bytes. Likewise, if you want to double that
and allocate 32MB, you’d enter 32768.)
Click OK to close the dialog box, then close all instances of Firefox
and restart. If your Firefox still uses the same amount of memory, give
it a few minutes and it should slowly clear up. If that fails, try a
system reboot.

Some times you want to use iSO images without burning them.If you don’t
want to waste your CD’s/DVD’s here is the simple possible solutions
using these tips you can mount and unmount ISO images without burning
them.

Using Nautilus Scripts
I am taking this tip from here first you need to download two scripts for mount iso images download from here for unmount iso images download from here
Once you have these two scripts you need to change the permissions using the following commands

That’s it now you are ready for mounting and unmounting your ISO images.

ExampleMount ISO Image
Now i have one ISO image if you want to mount you need to right click and select scripts ---> mount-iso

Now it will prompt for root password and click ok

You can see the Mounter notification like the following

Here is the Successfully mounted message if you want to open this one click ok

This shows you available contents in mounted ISO image

Unmount ISO Image
Now i have one ISO image if you want to mount you need to right click and select scripts--->unmount-iso

Here is the Successfully Unmounted message

Using loop Kernel Module
First you need to make the directory to put the ISO into using the following command

sudo mkdir /media/isoimage

Now you need to add the loop module to your kernel.
What kernel loop module does?
I want to give brief introduction to kernel loop module.Using the
module loop it is possible to mount a filesystem file. squashfs is a
“loop” with (de)compression (Compressed Loopback Device) and it is
possible to mount a compressed filesystem like a block device and
seamlessly decompress its data while accessing it.
Use the following command to load loop module
sudo modprobe loop

Mount ISO Image
If you want to mount you need to use the following command

sudo mount debianetch.iso /media/isoimage/ -t iso9660 -o loop

In the above command you can replace debianetch.iso to your own iso image.
Now you should have your iso file mounted, and accessible from your desktop.

vino is VNC server for GNOME.VNC is a protocol that allows remote
display of a user’s desktop. This package provides a VNC server that
integrates with GNOME, allowing you to export your running desktop to
another computer for remote use or diagnosis.By default ubuntu will come with
vino-server so it is very easy to configure to enable remote desktop
sharing in your ubuntu machine.If you want to access ubuntu machine
remotely you need to login in to your ubuntu system.

Important note:
Remote Desktop will only work if there’s a GNOME login
session.Leaving your computer with an unattended GNOME login session is
not secure and not recommended.

Some Tips

1) You can lock your screen using System--->Quit

Once you click on quit you should see the following screen here you need to select lockscreen

2) switch off your monitor when computer is left unattended

Configuring Remote Desktop

First you need to go to System -> Preferences -> Remote Desktop

Once it opens you should see the following screen

In the above screen you need to configure remote desktop preferences for sharing and security

For Sharing
you need to tick the box next to the following two options
Allow other users to view your desktop
Allow other users to control your desktop

For Security
you need to tick the box next to the following two options
Ask you for confirmation (If you tick this option some one need to
click on allow from remote desktop once it connected if you don’t want
you can untick this option)
Require the user to enter this password:

Password: Specify the password

Connecting from Ubuntu Machine
Open your terminal from Applications--->Accessories--->Terminal and enter the following command

vncviewer -fullscreen 192.168.2.23:0

now you should see the following message asking for password enter
the password after complete success you can see VNC authentication
succeeded message and starting remote desktop

Connecting from Windows machine
If you are trying to connect from your windows machine you need to
install vncviewer of your choice i have installed from here
http://www.realvnc.com/download.html.Install this program once you
install this you can opem from start--->All
programs--->RealVNC--->VNC Viewer 4--->Run VNC Viewer once it
opens you should see the following screen here enter the remotemachine
ipaddress:0 format and click ok

Now it will prompt for password enter your password and click ok

Now on the remote machine you should see the following screen asking
for permission to allow this connection you need to click on allow this
will comeup only if you tick “Ask you for confirmation” option under
sharing

Once it connected you should see the remote machine desktop like the following screen

This tutorial describes how to install Ubuntu by copying the contents of
the installation CD to an USB memory stick (aka flash drive) and making
the stick bootable. This is handy for machines like ultra portable
notebooks that do not have a CD drive but can boot from USB media.

In short here’s what you do:
Prepare the USB flash drive
Boot the computer from your USB flash drive.
Install Ubuntu as you would from a normal boot CD

Prerequisites
A running Ubuntu 8.04 or any ubuntu version installation
A USB device (stick, pen-drive, USB hard disk) that has already been
formatted with FAT32 and has enough free space to hold your Ubuntu
installation image
A Ubuntu CD image downloaded from the Ubuntu servers or mirrors (*.iso file) or from here

Step 1
On the root directory of your USB device, create a folder “install”
Copy the installer kernel and the initramdisk into this folder (Download
source below.You need the files “vmlinux” and “initrd.gz”).
Download source for the installer kernel and initramdisk

Step 2
Note: You need to have the installer that fits the architecture of
your Ubuntu version you want to install. In other words, you need a
amd64 installer if you want to install an amd64 Ubuntu .iso image and
the i386 installer for an i386 iso.

Step 4
Make the stick bootable: Use fdisk to set the boot flag,
Install syslinux using the following command
sudo aptitude install syslinux
Now use syslinux to install a boot sector on your USB device

sudo syslinux /dev/sdbX

where sdbX is the device name and number of your USB device, check
with “sudo mount”. A file called “ldlinux.sys” will be created in the
root direcotry of the USB device.

Step 5
Copy the Ubuntu CD image in the root directory of your USB device
(Contents of USB you can see as follows).If you are using i386 you need
to copy the complete .iso image in to the root directory of your USB
device.

We have already discussed how to install google chrome using wine
.Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all Internet users to experience the
web. The Chromium codebase is the basis for Google’s Chrome browser.

First you need to download .deb package from here using the following command
wget http://media.codeweavers.com/pub/crossover/chromium/cxchromium_0.9.0-1_i386.deb
Now you have cxchromium_0.9.0-1_i386.deb package install this package using the following command

save and exit the file
Now add the GPG key using the following command
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xfbef0d696de1c72ba5a835fe5a9bf3bb4e5e17b5
or For karmic users use the following command

sudo add-apt-key ppa:chromium-daily/ppa

Update source list

sudo apt-get update

Install chromium browser using the following command

sudo apt-get install chromium-browser

This will complete the installation
If you want to open chromium go to Applications->CrossOver Chromium->Chromium
Chromium web browser in action

Problem

When uploading a WAR file larger than 50 MB, the Tomcat 7 Manager application reports:
The server encountered an internal error () that prevented it from fulfilling this request.
Exception java.lang.IllegalStateException:
org.apache.tomcat.util.http.fileupload.FileUploadBase$SizeLimitExceededException:
the request was rejected because its size (XXX) exceeds the configured maximum (52428800)

Solution

Go to the web.xml of the manager application (for instance it could be under /tomcat7/webapps/manager/WEB-INF/web.xml.

Create a web server with Linux, Apache, FTP and bind DNS: This tutorial covers the Linux server configuration required to host a website. The Apache web server, FTP server and DNS configuration are covered. The Apache web server is required to serve the web pages, the FTP server is required for users to upload content and the DNS server is required to resolve the domain names so that a URL entered into a web browser will point to your web server and properly serve the correct pages. The configurations presented will include virtual hosting which will allow a single Linux server to support multiple web site domains.

Web Site Prerequisites:
This tutorial assumes that a computer has Linux installed and running. See RedHat Installation for the basics. A connection to the internet is also assumed. A connection of 128 Mbits/sec or greater will yield the best results. ISDN, DSL, cable modem or better are all suitable. A 56k modem will work but the results will be mediocre at best. The tasks must also be performed with the root user login and password.
No single distribution seems to have an advantage. A Ubuntu, SuSe, Fedora, Red Hat or CentOS distribution will include all of the software you will need to configure a web server. If using Red Hat Enterprise Linux, both the Workstation or the Server edition will support your needs except that the Workstation edition will not include the vsFTP package. It will have to be compiled from source or use sftp. Software Prerequisites: The Apache web server (httpd), FTP (requires xinetd or inetd) and Bind (named) software packages with their dependencies are all required. One can use the rpm command to verify installation:

Note: The apache2-MPM is a generic term for Apache installation options for "Multi-Processing Modules (MPM)s "prefork" or "worker". If you try and only install apache2 you will get the following error:

One should also have a working knowledge of the Linux init process so that these services are initiated upon system boot. See the YoLinux init process tutorial for more info.

Apache HTTP Web server configuration:

This tutorial is for the Apache HTTP web server (Version 1.3 and 2.0). See the YoLinux list of Linux HTTP servers for a list of other web servers for the Hyper Text Transport Protocol.
The Apache web server configuration file is: /etc/httpd/conf/httpd.conf
Web pages are served from the directory as configured by the DocumentRoot directive. The default directory location is:

Linux distribution

Apache web server "DocumentRoot"

Red Hat 7.x-9, Fedora Core, Red Hat Enterprise 4/5/6, CentOS 4/5/6

/var/www/html/

Red Hat 6.x and older

/home/httpd/html/

Suse 9.x

/srv/www/htdocs/

Ubuntu (dapper 6.06) / Debian

/var/www/html

Ubuntu (hardy 8.04/natty 11.04) / Debian

/var/www

The default home page for the default configuration is index.html. Note the pages should not be owned by user apache as this is the process owner of the httpd web server daemon. If the web server process is comprimised, it should not be allowed to alter the files. The files should of course be readable by user apache. Apache may be configured to run as a host for one web site in this fashion or it may be configured to serve for multiple domains. Serving for multiple domains may be achieved in two ways:

The default configuration will allow one to have multiple user accounts under one domain by using a reference to the user account: http://www.domain.com/~user1/. If no domain is registered or configured, the IP address may also be used: http://XXX.XXX.XXX.XXX/~user1/. [Potential Pitfall] The default umask for directory creation is correct by default but if not use: chmod 755 /home/user1/public_html[Potential Pitfall] When creating new "Directory" configuration directives, I found that placing them by the existing "Directory" directives to be a bad idea. It would not use the .htaccess file. This was because the statement defining the use of the .htaccess file was after the "Directory" statement. Previously in RH 6.x the files were separated and the order was defined a little different. I now place new "Directory" statements near the end of the file just before the "VirtualHost" statements.
For users of Red Hat 7.1, the GUI configuration tool apacheconf was introduced for the crowd who like to use pretty point and click tools.
Files used by Apache:

Start/Stop/Restart scripts: The script is to be run with the qualifiers start, stop, restart or status.
i.e. /etc/rc.d/init.d/httpd restart. A restart allows the web server to start again and read the configuration files to pick up any changes. To have this script invoked upon system boot issue the command chkconfig --add httpd. See Linux Init Process Tutorial for a more complete discussion.
Also Apache control tool: /usr/sbin/apachectl startApache Control Command: apachectl:

Start the Apache httpd daemon. Gives an error if it is already running.

stop

Stops the Apache httpd daemon.

graceful

Gracefully restarts the Apache httpd daemon. If the daemon is not running, it is started. This differs from a normal restart in that currently open connections are not aborted.

restart

Restarts the Apache httpd daemon. If the daemon is not running, it is started. This command automatically checks the configuration files as in configtest before initiating the restart to make sure the daemon doesn't die.

status

Displays a brief status report.

fullstatus

Displays a full status report from mod_status. Requires mod_status enabled on your server and a text-based browser such as lynx available on your system. The URL used to access the status report can be set by editing the STATUSURL variable in the script.

configtest
-t

Run a configuration file syntax test.

Apache Configuration Files:

/etc/httpd/conf/httpd.conf: is used to configure Apache. In the past it was broken down into three files. These may now be all concatenated into one file. See Apache online documentation for the full manual.

/etc/httpd/conf.d/application.conf: All configuration files in this directory are included during Apache start-up. Used to store application specific configurations.

Basic settings: Change the default value for ServerName www.<your-domain.com>Giving Apache access to the file system: It is prudent to limit Apache's view of the file system to only those directories necessary. This is done with the directory statement. Start by denying access to everything, then grant access to the necessary directories.
Deny access completely to file system root ("/") as the default:

Deny first, then grant permissions:

<Directory />
Options None
AllowOverride None
</Directory>

Set default location of system web pages and allow access: (Red Hat/Fedora/CentOS)

Grant access to a user's web directory: public_html

Enabling Red Hat / Fedora Linux, Apache public_html user directory access: This will allow users to serve content from their home directories under the subdirectory "/home/userid/public_html/" by accessing the URL http://hostname/~userid/

Change to a comment (add "#" at beginning of line) from Fedora Core default UserDir disable and assign the directory public_html as a web server accessible directory. OR
Assign a single user the specific ability to share their directory:

Allows the specific user, "user1" only, the ability to serve the directory /home/user1/public_html/

Also use SELinux command to set the security context: setsebool httpd_enable_homedirs trueDirectory permissions: The Apache web server daemon must be able to read your web pages in order to feed their contents to the network. Use an appropriate umask and file protection. Allow access to web directory: chmod ugo+rx -R public_html.
Note that the user's directory also has to have the appropriate permissions as it is the parent of public_html.
Default permissions on user directory: ls -l /homedrwx------ 20 user1 user1 4096 Mar 5 12:16 user1
Allow the web server access to operate the parent directory: chmod ugo+x /home/user1d-wx--x--x 20 user1 user1 4096 Mar 5 12:16 user1
One may also use groups to control permisions. See the YoLinux tutorial on managing groups.

Enabling Ubuntu's Apache public_html user directory access: Ubuntu has broken out the Apache loadable module directives into the directory /etc/apache2/mods-available/. To enable an Apache module, generate soft links to the directory /etc/apache2/sites-enabled/ by using the commands a2enmod/a2dismod to enable/disable Apache modules.
Example:

[root@node2]# a2enmod
A list of available modules is displayed. Enter "userdir" as the module to enable.

Restart Apache with the following command: /etc/init.d/apache2 force-reload

Note: This is the same as manually generating the following two soft links:

Man page: a2enmod/a2dismod[Potential Pitfall]: If the Apache web server can not access the file you will get the error "403 Forbidden" "You don't have permission to access file-name on this server." Note the default permissions on a user directory when first created with "useradd" are:

drwx------ 3 userx userx

You must allow the web server running as user "apache" to access the directory if it is to display pages held there.
Fix with command: chmod ugo+rx /home/userx

or using the command setenforce 0 to temporarily disable SELinux until the next reboot. When using SELinux security features, the security context labels must be added so that Apache can read your files. The default security context label used is inherited from the directory for newly created files. Thus a copy (cp) must be used and not a move (mv) when placing files in the content directory. Move does not create a new file and thus the file does not recieve the directory security context label. The context labels used for the default Apache directories can be viewed with the command: ls -Z /var/www
The web directories of users (i.e. public_html) should be set with the appropriate context label (httpd_sys_content_t).
Assign a security context for web pages: chcon -R -h -t httpd_sys_content_t /home/user1/public_html
Options:

-R: Recursive. Files and directories in current directory and all subdirectories.

-h: Affect symbolic links.

-t: Specify type of security context.

Use the following security contexts:

Context Type

Description

httpd_sys_content_t

Used for static web content. i.e. HTML web pages.

httpd_sys_script_exec_t

Use for executable CGI scripts or binary executables.

httpd_sys_script_rw_t

CGI is allowed to alter/delete files of this context.

httpd_sys_script_ra_t

CGI is allowed to read or append files of this context.

httpd_sys_script_ro_t

CGI is allowed to read files and directories of this context.

Set the following options: setsebool httpd-option true
(or set to false)

Policy

Description

httpd_enable_cgi

Allow httpd cgi support.

httpd_enable_homedirs

Allow httpd to read home directories.

httpd_ssi_exec

Allow httpd to run SSI executables in the same domain as system CGI scripts.

Then restart Apache:

Red Hat/Fedora/Suse and all System V init script based Linux systems: /etc/init.d/httpd restart

Virtual Hosts:

The Apache web server allows one to configure a single computer to represent multiple websites as if they were on separate hosts. There are two methods available and we describe the configuration of each. Choose one method for your domain:

Name based virtual host: (most common) A single computer with a single IP adress supporting multiple web domains. The web browser using the http protocol, identifies the domain being addressed.

IP based virtual host: The virtual hosts can be configured as a single multi-homed computer with multiple IP addresses on a single network card, with each IP address representing a different web domain. This has the appearance of a web domain supported by a dedicated computer because it has a dedicated IP address.

Configuring a "name based" virtual host:

A virtual host configuration allows one to host multiple web site domains on one server. (This is not required for a dedicated linux server which hosts a single web site.)

Forwarding to a primary URL. It is best to avoid the appearance of duplicated web content from two URLs such as http://www.your-domain.com and http://your-domain.com. Supply a forwarding Apache "Redirect".

When specifying more domains, they may all use the same IP address or some/all may use their own unique IP address. Specify a "NameVirtualHost" for each IP address.
After the Apache configuration files have been edited, restart the httpd daemon: /etc/rc.d/init.d/httpd restart (Red Hat) or /etc/init.d/apache2 restart (Ubuntu / Debian)

Apache virtual domain configuration with Ubuntu Dapper/Hardy:

Ububntu separates out each virtual domain into a separate configuration file held in the directory /etc/apache2/sites-available/. When the site domain is to become active, a soft link is created to the directory /etc/apache2/sites-enabled/.

Configuring an "IP based" virtual host:

One may assign multiple IP addresse to a single network interface. See the YoLinux networking tutorial: Network Aliasing. Each IP address may then be it's own virtual server and individual domain. The downside of the "IP based" virtual host method is that you have to possess multiple/extra IP addresses. This usually costs more. The standard name based virtual hosting method above is more popular for this reason.

The executable program files must have execute privileges, executable by the process owner (Red Hat 7+/Fedora Core: apache. Older use nobody) under which the httpd daemon is being run.

Configuring CGI To Run With User Privileges:

The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web-server. Normally, when a CGI or SSI program executes, it runs as the

Running Multiple instances of httpd:

The Apache web server daemon (httpd) can be started with the command line option "-f" to specify a unique configuration file for each instance. Configure a unique IP address for each instance of Apache. See the YoLinux Networking Tutorial to specify multiple IP addresses for one NIC (Network Interface Card). Use the Apache configuration file directive Listen XXX.XXX.XXX.XXX, where the IP address is unique for each instance of Apache.

Apache Red Hat / Fedora Core GUI configuration:

GUI configuration tool:

Red Hat EL 4/5, Fedora 2-10: /usr/bin/system-config-httpd

Red Hat 8/9, Fedora Core 1: /usr/bin/redhat-config-httpd

Adding web site login and password protection: See the YoLinux tutorial on web site password protection. Log file analysis:
Scanning the Apache web log files will not provide meaningfull statistics unless they are graphed or presented in an easy to read fashion. The following packages to a good job of presenting site statistics.

One can view the settings which be used with your configuration file (also good for debugging): analog -settings Make Analog images available to the users report: ln -s /usr/share/analog/images/* /home/user1/public_html/analog Log file location:

Many FTP programs exist. This example covers the popular vsftpd (Red Hat default 9.0, Fedora Core, Suse) and wu-ftpd (Washington University) program which comes standard with RedHat (last shipped with RedHat 8.0 but can be installed on any Linux system). (RPM: wu-ftpd) There are other FTP programs including proFtpd (supports LDAP authentication, Apache like directives, full featured ftp server software), bftpd, pure-ftpd (free BSD and optional on Suse), etc ...
For hostile environments set up a chrooted environment for an sftp encrypted connection and the rssh restricted shell for OpenSSH. See the YoLinux.com internet security tutorial for Linux sftp and rssh configuration
FTPd and SELinux: To allow FTPd daemon access and FTP access to users home directories:

setsebool -P allow_ftpd_full_access=1
Other wise you will get an error in /var/log/messages:

SELinux is preventing the ftp daemon from writing files outside the home directory (./public_html).

setsebool -P ftp_home_dir 1

Follow with the command service vsftpd restart FTPd configuration tutorials:

The vsFTPd ftp server was first made available in Red Hat 9.0. It has been adopted by Suse and OpenBSD as well. This is currently the recomended FTP daemon for use on FTP servers. Enable vsftpd:

Red Hat/Fedora Core/CentOS: VsFTPd is a stand alone service and by the default Fedora Core installation, not controlled by xinetd as is the wu-ftpd default installation.
Thus start service: service vsftpd start (or: /etc/init.d/vsftpd start)
Configure vsftpd to start upon system boot: chkconfig --add vsftpd

SuSE: By default, the vsftpd is an xinetd controlled service. To enable FTP server services edit the file /etc/xinetd.d/vsftpd and change: disable = yes
to: disable = no
Restart the xinetd daemon: /etc/init.d/xinetd restart
Note: vsftpd can also be run as a stand-alone service to achieve a faster response time.

Restart the FTP service if the config file is changed: service vsftpd restart (or: /etc/init.d/vsftpd restart) [Potential Pitfall]: vsftp does NOT support comments on the same line as a directive. i.e.:

This causes PAM to check /etc/vsftpd.ftpusers for users who are denied. This duplicates /etc/vsftpd.user_list. Speciy user in both files as PAM is independent of vsftpd configuration. PAM authentication configuration file: ftpusers

Anonymous logins use the login name "anonymous" and then the user supplies their email address as a password. Any password will be accepted. Used to allow the public to download files from an ftp server. Generally, no upload is permitted.

The wu-ftpd FTP server can be downloaded (binary or source) from http://www.wfms.org/wu-ftpd/ (at one time: http://wu-ftpd.org).
There are three kinds of FTP logins that wu-ftpd provides:

anonymous FTP - one logs in with the username 'anonymous'

real FTP - log in with a real username and password and has access to the entire disk structure.

guest FTP - one logs in with a real user name and password, but the user is chroot'ed to his home directory and cannot escape from it. They are constrained to their home directory which also means that they don't have access to /bin/ls and other commands on the server. Thus a local minimalist environment must be set up.

user1, user2 and user3 refer to login accounts. Use the appropriate login name.

The above configuration disables anonymous FTP which allows anyone to perform an FTP login with the id anonymous and an email address as a password. To enable anonymous FTP, change the class directive to:

class all real,guest,anonymous *

GUI FTP configuration tools:

/usr/bin/kwuftpd

/sbin/linuxconf
(Note: Linuxconf is no longer included with Red Hat 7.3 and later)

Red Hat Linux assigns users a user id and group id which is the same. This means that it does not matter if you use a realuser or realgroup directive as they will act the same.

Red Hat Linux 7.1 and later uses the xinet daemon to manage ftp connections. Thus xinetd must be running and configured to support ftp. The configuration file is /etc/xinetd.d/wu-ftpd. The command chkconfig wu-ftpd on will make the ftp server available. See xinet configuration for more info.

Allow overide of deny-uid and/or deny-gid:

allow-uid user-to-allow
allow-gid group-to-allow

Optional configuration:

Create a group ftpchroot

Add users to this group

Use directive: guestgroup ftpchroot

[Potential Pitfall]: Flakey ftp behavior, timeouts, etc?? FTP works best with name resolution of the computer it is communicating with. This requires proper /etc/resolve.conf and name server (bind) configuration, /etc/hosts or NIS/NFS configuration.

File /home/user1/public_html/etc/pathmsg:

A NOTE TO USERS UPLOADING FILES:
File names may consist of letters (a-z, A-Z), numbers (0-9),
an under score ("_"), dash ("-") or period (".") only.
The file name may not begin with a period or dash.
You have tried to upload a file with an inappropriate name.

The whole point of the chroot directory is to make the user's home directory appear to be the root of the filesystem (/) so one could not wander around the filesystem. Configuration of /etc/ftpaccess will limit the user to their respective directories while still offering access to /bin/ls and other system commands used in FTP operation.
As root:

Then restart the firewall: /etc/init.d/iptables condrestart FTP will change ports during use. The ip_conntrack_ftp module will consider each connection "RELATED". If iptables allows RELATED and ESTABLISHED connections then FTP will work. i.e. rule: /etc/sysconfig/iptables

This is often a result of SELinux preventing the vsftpd process from accesing the user's home directory. As root, grant access with the following command: setsebool -P ftp_home_dir 1 Followed by: service vsftpd restart Test your vsftpd SELinux settings: getsebool -a | grep ftp

allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_tftp_anon_write --> off
ftp_home_dir --> on
ftpd_disable_trans --> off
ftpd_is_daemon --> on
httpd_enable_ftp_server --> off
tftpd_disable_trans --> off

When hosting web sites, there is no need to grant a shell account which only allows the server to have more potential security holes. Current systems can specify the user to have only FTP access with no shell by granting them the "shell" /sbin/nologin provided with the system or the "ftponly" shell described below. The shell can be specified in the file /etc/passwd of when creting a user with the command adduser -s /sbin/nologin user-id[Potential Pitfall]: Red Hat 7.3 server with wu-ftp server 2.6.2-5 does not support this configuration to prevent shell access. It requires users to have a real user shell. i.e. /bin/bash It works great in older and current Red Hat versions. If it works for you, use it, as it is more secure to deny the user shell access. You can always deny telnet access. You should NOT be using this problem ridden version of ftpd. Use the latest wu-ftpd-2.6.2-11 which supports users with shell /opt/bin/ftponly[Potential Pitfall]: Ubuntu Dapper/Hardy - Setting the shell to the preconfigured shell /bin/false will NOT allow vsftp access. One must create the shell "ftponly" as defined below to allow vsftp access with no shell.

Disable remote telnet login access allowing FTP access only: Change the shell for the user in /etc/passwd from /bin/bash to be /opt/bin/ftponly.

The last step is to add this to the list of valid shells on the system.
Add the line /opt/bin/ftponly to /etc/shells.
Sample file contents: /etc/shells

/bin/bash
/bin/bash1
/bin/tcsh
/bin/csh
/opt/bin/ftponly

See man page on /etc/shells. An alternative would be to assign the shell /bin/false or /sbin/nologin which became available in later releases of Red Hat, Debian and Ubuntu. In this case the shell /bin/false or /sbin/nologin would have to be added to /etc/shells to allow them to be used as a valid shell for FTP while disabling ssh or telnet access.

Two of the most popular ways to configure the program Bind (Berkeley Internet Domain software) to perform DNS services is in the role of (1) ISP or (2) Web Host.

In an ISP configuration for clients (web surfers) conected to the internet, the DNS server must resolve IP addresses for any URL the user wishes to visit. (See DNS caching server)

In a purely web hosting configuration, Bind will only resolve for the IP addresses of the domains which are being hosted. This is the configuration which will be discussed and is often called an "Authoritative-only Nameserver".

When resolving IP addresses for a domain, Internic is expecting a "Primary" and a "Secondary" DNS name server. (Sometimes called Master and Slave) Each DNS name server requires the file /etc/named.conf and the files it points to. This is typically two separate computer systems hosted on two different IP addresses. It is not necesary that the Linux servers be dedicated to DNS as they may run a web server, mail server, etc. Note on Bind versions: Red Hat versions 6.x used Bind version 8. Release 7.1 of Red Hat began using Bind version 9 and the GUI configuration tool bindconf was introduced for those of you that like a pretty point and click interface for configuration.
Installation Packages:

Ubuntu includes the separated file of zone directives using the directive: include "/etc/bind/named.conf.local";

BIND Views: The BIND naming service can support "views" which allow various sub-networks (i.e. private internal or public external networks) to have a different domain name resolution result.

If no views are specified then use the configuration shown above.

The match-up between the "view" and the view client which receives the DNS information is specified by the match-clients statement.

If even one view is specified, then ALL zones MUST be associated with a "view".

Bind 9 allows for views which allow different zones to be served to different types of clients, localhost, private networks and public networks. This maps to the three view names "localhost_resolver", "internal" and "external":

localhost_resolver: Supports name resolution for the system (localhost) using BIND. Support for use of bind also has to be configured in /etc/nsswitch.conf

internal: User specified Local Area Network (LAN). If not used to support a local private LAN, remove (or comment out) this view.

external: The general public internet defined as client "any".

If you are only setting up a caching name server, then only specify the view "localhost_resolver" (delete all other views).

In order to support a DNS for internet domains using views, one will have to configure an "external" view

view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { any; };
match-destinations { any; };
allow-transfer { XXX.XXX.XXX.XXX; }; - IP address of secondary DNS
recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers
// all views must contain the root hints zone:
include "/etc/named.root.hints";
// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:
zone "your-domain.com" {
type master;
file "/var/named/data/external/named.your-domain.com";
notify yes;
allow-update { none; };
};
// You can also add the zones as a separate file like they do in Ubuntu by adding the following statement
include "/etc/named.conf.local";
};

DNS key:
Use the following command /usr/sbin/dns-keygen to create a key. Add this key to the "secret" statement as follows:

$TTL 604800- Bind 9 (and some of the later versions of Bind 8) requires $TTL statement. Measured in seconds. This value is 7 days.your-domain.com. IN SOA ns1.your-domain.com. hostmaster.your-domain.com. (
2000021600 ; serial - Many people use year+month+day+integer as a system.
86400 ; refresh - How often secondary servers (in seconds) should check in for changes in serial number. (86400 sec = 24 hrs)
7200 ; retry - How long secondary server should wait for a retry if contact failed.
1209600 ; expire - Secondary server to purge info after this length of time.
86400 ) ; default_ttl - How long data is held in cache by remote servers.
IN A XXX.XXX.XXX.XXX- Note that this is the default IP address of the domain.
I put the web server IP address here so that domain.com points to the same servers as www.domain.com
;
; Name servers for the domain
;
IN NS ns1.your-domain.com.
IN NS ns2.your-domain.com.
;
; Mail server for domain
;
IN MX 5 mail - Identify "mail" as the node handling mail for the domain. Do NOT specify an IP address!
;
; Nodes in domain
;
node1 IN A XXX.XXX.XXX.XXX- Note that this is the IP address of node1
ns1 IN A XXX.XXX.XXX.XXX- Optional: For hosting your own primary name server. Note that this is the IP address of ns1
ns2 IN A XXX.XXX.XXX.XXX- Optional: For hosting your own secondary name server. Note that this is the IP address of ns2
mail IN A XXX.XXX.XXX.XXX- Identify the IP address for node mail.
IN MX 5 XXX.XXX.XXX.XXX- Identify the IP address for mail server named "mail".
;
; Aliases to existing nodes in domain
;
www IN CNAME node1 - Define the webserver "www" to be node1.
ftp IN CNAME node1 - Define the ftp server to be node1.

DNS record types and format:

DNS record

Description and Format

SOA

Start of Authority: Primary domain server and contact info
Note that there is a period following the primary domain server and contact email.
Note that the email address is in the form where the first period represents the "@" symbol of the email address.

[Potential Pitfall]: Incorrect specification of the primary name server may result in the following message in /var/log/messages:

view localhost_resolver: received notify for zone 'your-domain.com': not authoritative

SOA attribute

Description

serial

Never use a value greater than 2147483647 for a 32 bit processor.
Increment to a higher value to indicate an update to the slave server.

refresh

Time increment (seconds) between update checks of the serial number with the primary server

retry

Time elapsed before a slave will contact the primary server if a connection failed

expire

Time till primary server information is considered invalid and should be refreshed if there is a new DNS query

minimum

Time for DNS servers should hold domain information in their cache before purging

IN

Indicate Internet.

NS

Specify the Authoratative Name servers for the domain.

A

Specify the IP address associated with the host name.
Format: hostname IN A XXX.XXX.XXX.XXX
Note that in my example, no hostname is specified for the first record. This will define the default for the domain.

CNAME

Specify an alias for the host name.

MX

Mail exchange record. Specify a priority number for the primary and back-up mail servers. The lowest number indicates the default mail server for the domain

[Potential Pitfall]: Ubuntu dapper/hardy/natty - Path names used can not violate Apparmor security rules as defined in /etc/apparmor.d/usr.sbin.named. Note that the slave files are typically named "/var/lib/bind/named.your-domain.com" as permitted by the security configuration. [Potential Pitfall]: Ubuntu dapper/hardy/natty - Create log file and set ownership and permission for file not created by installation:

Named needs write permission on the directory containing the file. This condition often occurs for a new "slave" or "secondary" name server where the zone files do not yet exist. The default (RHEL4/5, CentOS 4/5, Fedora Core 3+, ...):

drwxr-x--- 4 root named 4096 Aug 25 2004 named

drwxrwx--- 2 named named 4096 Sep 17 20:37 slaves

Fix: In named.conf specify that the slaves to go to slaves directory /var/named/chroot/var/named/slaves with the directive:

file "slaves/named.your-domain.com";

Bind Defaults:

Uses port 53 if none is specified with the listen-on port statement.

Bind will use random ports above port 1024 for queries. For use with firewalls expecting all DNS traffic on port 53, specify the following option statement in /etc/named.conf

query-source address * port 53;
query-source-v6 port 53;

Logging is to /var/log/messages

After the configuration files have been edited, restart the name daemon.

/etc/init.d/named restart

(Note: Ubuntu / Debian restart: /etc/init.d/bind9 restart) Bind zone transfers work best if the clocks of the two systems are synchronised. See the YoLinux SysAdmin Tutorial: Time and ntpdFile: /var/named/named.your-domain.com This is created for you by Bind on the slave (secondary) server when it replicates from Primary server.

Chroot Bind for extra security:

Note: Most modern Linux distributions default to a "chrooted" installation. This technique runs the Bind name service with a view of the filesystem which changes the definition of the root directory "/" to a directory in which Bind will operate. i.e. /var/named/chroot. The following example uses the Red Hat RPM bind-8.2.3-0.6.x.i386.rpm. Applies to Bind version 9 as well. The latest RedHat bind updates run the named as user "named" to avoid a lot of earlier hacker exploits. To chroot the process is to create an even more secure environment by limiting the view of the system that the process can access. The process is limited to the chrooted directory assigned. The chroot of the named process to a directory under a given user will prevent the possibility of an exploit which at one time would result in root access. The original default RedHat configuration (6.2) ran the named process as root, thus if an exploit was found, the named process will allow the hacker to use the privileges of the root user. (no longer true) Named Command Sytax:

named -u user -g group -t directory-to-chroot-to

Example:

named -u named -g named -t /opt/named

When chrooted, the process does not have access to system libraries thus a local lib directory is required with the appropriate library files - theoretically. This does not seem to be the case here and as noted above in chrooted FTP. It's a mystery to me but it works???? Another method to handle libraries is to re-compile the named binary with everything statically linked. Add -static to the compile options. The chrooted process should also require a local /etc/named.conf etc... but doesn't seem to??? Script to create a chrooted bind environment:

Note: The current version of bind from the RedHat errata updates and security fixes (http://www.redhat.com/support/errata/) runs the named process as user "named" in the home (not chrooted) directory /var/named with no shell available. (named -u named) This should be secure enough. Proceed with a chrooted installation if your are paranoid.
See:

Chrooted DNS configuration:
Modern releases of Linux (i.e. Fedore Core 3, Red Hat Enterprise Linux 4) come preconfigured to use "chrooted" bind. This security feature forces even an exploited version of bind to only operate within the "chrooted" jail /var/named/chroot which contains the familiar directories:

/var/named/chroot/etc: Configuration files

/var/named/chroot/dev: devices used by bind:

/dev/null

/dev/random

/dev/zero

(Real devices created with the mknod command.)

/var/named/chroot/var: Zone files and configuration information.

These directories are generated and configured by the Red Hat/Fedora RPM package "bind-chroot". If building from source you will have to generate this configuration manually:

mkdir -p /var/named/chroot

mkdir /var/named/chroot/dev

mknod /var/named/chroot/dev/null c 1 3

mknod /var/named/chroot/dev/zero c 1 5

mknod /var/named/chroot/dev/random c 1 8

chmod 666 -R /var/named/chroot/dev

mkdir -p /var/named/chroot/etc

ln -s /var/named/chroot/etc/named.conf /etc/named.conf

mkdir -p /var/named/chroot/var/named

ln -s /var/named/chroot/var/named/named.XXXX /var/named/named.XXXX

ln -s /var/named/chroot/var/named/named.YYYY /var/named/named.YYYY

...

mkdir -p /var/named/chroot/var/named/slaves

mkdir -p /var/named/chroot/var/named/data

mkdir -p /var/named/chroot/var/run

mkdir -p /var/named/chroot/var/tmp

chown -R named:named /var/named/chroot

chown -R root:named /var/named/chroot/var/named

Load Balancing of servers using Bind: DNS Round-Robin

This will populate name servers around the world with different IP addresses for your web server www.your-domain.com

www0 IN A XXX.XXX.XXX.1
www1 IN A XXX.XXX.XXX.2
www2 IN A XXX.XXX.XXX.3
www3 IN A XXX.XXX.XXX.4
www4 IN A XXX.XXX.XXX.5
www5 IN A XXX.XXX.XXX.6
www IN CNAME www0.your-domain.com.
IN CNAME www1.your-domain.com.
IN CNAME www2.your-domain.com.
IN CNAME www3.your-domain.com.
IN CNAME www4.your-domain.com.
IN CNAME www5.your-domain.com.
IN CNAME www6.your-domain.com.

DynDNS.org
Command: ipcheck.py -i eth0 DynDNS-user-idpasswordnode.dnsalias.net
Then add script update.dyndns.ip to directory /etc/cron.daily/ to update IP.
This host must also be allowed access through any firewall rules.

Note that the Name registrations policies for the registrars are stated at ICANN.org.

You must renew with the same registrar within five days BEFORE the expiration date. There is no rule for afterwards.

Most free a domain name 30 days after it expires.

Web Server Load Balancing:

Load balancing becomes important if your traffic volume becomes too great for either your server or network connection or both. Multiple options are available for load balancing.

DNS round-robin: Discussed above, this uses DNS to point users to random server in a list of appropriate servers. This spreads the load among the servers in the list.

Use a Linux Virtual Server to Create a Load Balance Cluster. See next section below.

Run a reverse proxy. See nginx ("engine X"). From a single external internet network connection, route http, smtp, imap or pop3 traffic to various servers on an internal network. Results are pushed back to the nginx proxy for routing to the internet (no caching).

Run the Apache httpd web server module "mod_proxy" to offload processing of dynamic content to another web server. This acts as a reverse proxy, routing external traffic to various servers on an internal network.

Using a Linux Virtual Server to Create a Load Balance Cluster:

You can use a single Linux server to forward requests to a cluster of servers using iptables for IP masquerading and IPVsadm to scale your load. The load balancing server receiving and routing the requests is called the "Linux Virtual Server" (LVS). The LVS receives the requests which are passed to the real servers which process and reply to the request. This reply is forwarded to the client by the LVS.
This feature is available with the Linux 2.4/2.6 kernel. (If compiling kernel: Networking Options + IP: Virtual Server Configuration)
Configuration: This example will load balance http traffic to three web servers and ftp traffic to a fourth server.

A new installation will most likely NOT start the named background process which may be started manually after configuration.
See the YoLinux Init Process Tutorial for more information.
The inetd (or xinetd) background process is the Internet daemon which starts FTP when an ftp request is made.

List of Internet Exchanges - An Internet Exchange (IX) is a junction between multiple principle Internet communication lines. A colo hosted at or close to an IX will have your best ability to handle traffic and your lowest latencies.